Offensive Security Certified Professional Explained

Offensive Security Certified Professional (OSCP, also known as OffSec Certified Professional) is an ethical hacking certification offered by Offensive Security (or OffSec) that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution (the successor to BackTrack).[1] The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment.[2] It is considered more technical than other ethical hacking certifications,[3][4] and is one of the few certifications that require evidence of practical penetration testing skills.[5]

Recertification

The OSCP does not require recertification.[6]

Relations to other security trainings or exams

Successful completion of the OSCP exam qualifies the student for 40 (ISC)² CPE credits.

In 2015, the UK's predominant accreditation body for penetration testing, CREST,[7] began recognising OSCP as equivalent to their intermediate level qualification CREST Registered Tester (CRT).[8]

Reception

In "Kali Linux: A toolbox for pentest," JM Porup called OSCP certification "coveted" because it required passing a difficult 24-hour exam demonstrating hacking.[9] In a press release on a new chief operating officer for a security services company, the company's use of OSCP professionals was described as a strength.[10] In "The Ultimate Guide To Getting Started With Cybersecurity," Vishal Chawla of Analytics India Mag recommended OSCP as one of two "well known" security certifications.[11] In an interview with Offensive Security CEO Ning Wang, Adam Bannister of The Daily Swig discussed a "major update" to the "Penetration Testing with Kali Linux (PWK)" training course, which leads to OSCP certification for students who pass the final exam.[12] The training updates were discussed in detail in Help Net Security.[13]

In The Basics of Web Hacking: Tools and Techniques to Attack the Web, Josh Pauli called OSCP "highly respected."[14] Cybersecurity Education for Awareness and Compliance gave a syllabus outline of the training course for OSCP.[15] In Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails, co-author Christopher Hadnagy listed OSCP as one of his qualifications.[16] Certified Ethical Hacker (CEH) Foundation Guide listed OSCP as one of two certifications by Offensive Security for a "Security Testing Track."[17] Sicherheit von Webanwendungen in der Praxis also included OSCP in a list of recommended certifications.[18] Building a Pentesting Lab for Wireless Networks called Offensive Security training "practical and hands-on" and said they were "most recommended."[19]

In "The Information Security Undergraduate Curriculum: Evolution of a Small Program," Lionel Mew of the University of Richmond said 35% of information security jobs require certifications, and described OSCP as a "popular certification."[20] "Maintaining a Cybersecurity Curriculum: Professional Certifications as Valuable Guidance" called OSCP an "advanced certification" and one of "a select few" requiring hands-on penetration skills demonstrations.[21]

Notes and References

  1. "Offensive Security Certified Professional". Offensive Security. Archived at https://web.archive.org/web/20161012080018/https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ on 12 October 2016. Retrieved 13 October 2016.
  2. Linn, Ryan. "Final Course and Exam Review: Pen Testing with BackTrack". EH-Net Online Mag. 1 March 2010. Archived at https://web.archive.org/web/20181217014837/https://www.ethicalhacker.net/columns/linn/final-course-exam-review-pen-testing-with-backtrack/ on 17 December 2018. Retrieved 13 October 2016.
  3. Westfall, Brian. "How to Get a Job as an Ethical Hacker". Intelligent Defense. Software Advice. 15 July 2014. Archived at https://web.archive.org/web/20170521152135/http://intelligent-defense.softwareadvice.com/how-to-get-an-ethical-hacker-job-0714/ on 21 May 2017. Retrieved 13 October 2016.
  4. Dix, John. "How well does social engineering work? One test returned 150%". Network World. 11 August 2016. Archived at https://web.archive.org/web/20160811231245/http://www.networkworld.com/article/3105496/security/how-well-does-social-engineering-work-one-test-returned-150.html on 11 August 2016. Retrieved 13 October 2016.
  5. Merritt, Chris. "Certification Spotlight: Offensive Security's OSCP". IAnewsletter. 15 (2): 24–25. 2012. Archived at https://web.archive.org/web/20181216210833/https://www.csiac.org/wp-content/uploads/2016/02/Vol15_No2.pdf on 16 December 2018. Retrieved 13 October 2016.
  6. "Offensive Security FAQ". 13 September 2018. Archived at https://web.archive.org/web/20180913190740/https://www.offensive-security.com/faq/#certificate-expire on 13 September 2018. Retrieved 15 May 2023.
  7. Knowles, William; Baron, Alistair; McGarr, Tim. "Analysis and recommendations for standardization in penetration testing and vulnerability assessment: Penetration testing market survey". 26 May 2015. Archived at https://web.archive.org/web/20190210175028/http://eprints.lancs.ac.uk/74275/ on 10 February 2019. Retrieved 13 October 2016.
  8. "CREST Signs New Partnership with Offensive Security to Improve the Standards of Information Security". CREST and Offensive Security. 4 August 2015. Archived at https://web.archive.org/web/20180907032318/https://www.crest-approved.org/2015/08/04/crest-partnership-with-offensive-security/index.html on 7 September 2018. Retrieved 6 September 2018.
  9. "Kali Linux : Une boîte à outils pour pentest - Le Monde Informatique". LeMondeInformatique (in French). 25 February 2020. Archived at https://web.archive.org/web/20200402081423/https://www.lemondeinformatique.fr/actualites/lire-kali-linux-une-boite-a-outils-pour-pentest-78201.html on 2 April 2020. Retrieved 15 March 2020.
  10. "Anchin, Block & Anchin LLP Expands Firm's Cybersecurity Practice - Tab Bradshaw Joins as New Leader of Redpoint Cybersecurity LLC". Benzinga. Archived at https://web.archive.org/web/20200420035244/https://www.benzinga.com/pressreleases/20/03/n15487607/anchin-block-anchin-llp-expands-firms-cybersecurity-practice-tab-bradshaw-joins-as-new-leader-of-r on 20 April 2020. Retrieved 15 March 2020.
  11. Chawla, Vishal. "The Ultimate Guide To Getting Started With Cybersecurity". Analytics India Magazine. 24 February 2020. Archived at https://web.archive.org/web/20200418184427/https://analyticsindiamag.com/cybersecurity-career-guide/ on 18 April 2020. Retrieved 15 March 2020.
  12. "'We're our own focus group' – Ning Wang on security certification, training, and keeping Kali Linux on top". The Daily Swig Cybersecurity news and views. 3 March 2020. Archived at https://web.archive.org/web/20200313173307/https://portswigger.net/daily-swig/were-our-own-focus-group-ning-wang-on-security-certification-training-and-keeping-kali-linux-on-top on 13 March 2020. Retrieved 15 March 2020.
  13. "Offensive Security releases major update to its Penetration Testing with Kali Linux training course". Help Net Security. 11 February 2020. Archived at https://web.archive.org/web/20200809144810/https://www.helpnetsecurity.com/2020/02/11/penetration-testing-with-kali-linux/ on 9 August 2020. Retrieved 15 March 2020.
  14. Pauli, Josh. The Basics of Web Hacking: Tools and Techniques to Attack the Web. Elsevier. 18 June 2013. p. 140. ISBN 978-0-12-416659-2.
  15. Vasileiou, Ismini; Furnell, Steven. Cybersecurity Education for Awareness and Compliance. IGI Global. 22 February 2019. pp. 233–234. ISBN 978-1-5225-7848-2. Archived at https://web.archive.org/web/20240609004806/https://books.google.com/books?id=5iqQDwAAQBAJ&q=%22Offensive+Security+Certified+Professional%22+-wikipedia&pg=PA247#v=snippet&q=%22Offensive%20Security%20Certified%20Professional%22%20-wikipedia&f=false on 9 June 2024. Retrieved 3 October 2020.
  16. Hadnagy, Christopher; Fincher, Michele. Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails. John Wiley & Sons. 18 March 2015. p. viii. ISBN 978-1-118-95848-3. Archived at https://web.archive.org/web/20240609004806/https://books.google.com/books?id=EkExBwAAQBAJ&q=%22Offensive+Security+Certified+Professional%22+-wikipedia&pg=PR8#v=snippet&q=%22Offensive%20Security%20Certified%20Professional%22%20-wikipedia&f=false on 9 June 2024. Retrieved 3 October 2020.
  17. Rahalkar, Sagar Ajay. Certified Ethical Hacker (CEH) Foundation Guide. Apress. 29 November 2016. p. 184. ISBN 978-1-4842-2325-3. Archived at https://web.archive.org/web/20240609004807/https://books.google.com/books?id=aSigDQAAQBAJ&q=%22Offensive+Security+Certified+Professional%22+-wikipedia&pg=PA184#v=snippet&q=%22Offensive%20Security%20Certified%20Professional%22%20-wikipedia&f=false on 9 June 2024. Retrieved 3 October 2020.
  18. Rohr, Matthias. Sicherheit von Webanwendungen in der Praxis: Wie sich Unternehmen schützen können – Hintergründe, Maßnahmen, Prüfverfahren und Prozesse (in German). Springer-Verlag. 19 March 2018. p. 447. ISBN 978-3-658-20145-6. Archived at https://web.archive.org/web/20240609004807/https://books.google.com/books?id=e1NSDwAAQBAJ&q=%22Offensive+Security+Certified+Professional%22+-wikipedia&pg=PA447#v=snippet&q=%22Offensive%20Security%20Certified%20Professional%22%20-wikipedia&f=false on 9 June 2024. Retrieved 3 October 2020.
  19. Fadyushin, Vyacheslav; Popov, Andrey. Building a Pentesting Lab for Wireless Networks. Packt Publishing Ltd. 28 March 2016. p. 234. ISBN 978-1-78528-606-3. Archived at https://web.archive.org/web/20240609004808/https://books.google.com/books?id=NbTjCwAAQBAJ&q=%22Offensive+Security+Certified+Professional%22+-wikipedia&pg=PA234#v=snippet&q=%22Offensive%20Security%20Certified%20Professional%22%20-wikipedia&f=false on 9 June 2024. Retrieved 3 October 2020.
  20. Mew, Lionel. "The Information Security Undergraduate Curriculum: Evolution of a Small Program". 2016 Proceedings of the EDSIG Conference. 2. 5. 2016. Archived at https://web.archive.org/web/20210724170017/https://proc.iscap.info/2016/pdf/4071.pdf on 24 July 2021. Retrieved 15 March 2020.
  21. "Maintaining a Cybersecurity Curriculum: Professional Certifications as Valuable Guidance". Journal of Information Systems Education. 28. 106. December 2017. Archived at https://web.archive.org/web/20240609004813/http://jise.org/Volume28/n2/JISEv28n2p101.pdf on 9 June 2024. Retrieved 15 March 2020.